Check Point Firewall R80.x - Training Lab 10 | Adding dedicated log server with some troubleshooting

  • Published: 27 Aug 2024

Comments • 46

  • @ricardoinfante5001 1 year ago

    I love when you have an error in the config, because you show how to resolve it... very nice!! Thanks

  • @DeepakKumar-ov8ko 3 years ago +3

    Your understanding of the topic is excellent! I am surprised to see such a low number of subscribers. Keep continuing your good work.

    • @MagnusHolmberg-NetSec 3 years ago +3

      Thank you!
      We have actually increased by over 200 subs the last month so hopefully it increases over the next months :)
      I think it's fun to make the videos so I don't mind, but it's always fun if more ppl watch it.
      I found it really hard to find good Check Point content on YouTube so thought I could contribute with some content :D

  • @JayGpt 2 years ago

    You're the best, the bonus part is awesome; only someone with vast experience will know.

  • @thabosthabos7397 1 year ago

    This is great and well documented. Thank you for the knowledge.

  • @bonelessss 2 years ago +1

    Hi Magnus, I'm a total newbie involved in a total migration from R76 to 80.40 and, honestly, your videos saved my life. Can't thank you enough for the great job and superb explanation, will only say that in one of our calls to CP they provided one of your videos as an example of what we should do to solve an issue we had. Can't believe the low number of subscribers, you just keep up the good work and hopefully more people will appreciate this job well done. Greetings from Spain!

    • @MagnusHolmberg-NetSec 2 years ago +2

      Thank you!
      It’s really fun to see that the videos are helpful :)
      Haha that’s pretty cool, I haven’t heard that before. I am aware that there are a few ppl at Check Point watching them :)
      I guess Check Point owes me a few beers at the next CPX event :D

    • @bonelessss 2 years ago

      @@MagnusHolmberg-NetSec Don't know about CP but I do owe you a couple of beers. Let me know if you visit Madrid someday and I will gladly pay my debt 😊

    • @MagnusHolmberg-NetSec 2 years ago +2

      @@bonelessss hehe no worries!
      If you see me at an event just say hi :)

  • @tomato524308 3 years ago +3

    Helped to relate with my production network. Thanks for this content!

    • @MagnusHolmberg-NetSec 3 years ago +1

      Thank you for watching and I am glad it helped :) Enjoy the rest of the series.

  • @SUNNY-gg1vd 3 years ago +4

    Most of your content belongs to Production Environment scenarios, which are very hard to find on YouTube... keep making this kind of video 👍

    • @MagnusHolmberg-NetSec 3 years ago +3

      Thank you :)
      Yes I personally think that the CCSA certificate skips out many vital things and they are not even within CCSE.
      Within a larger organization you will learn it after working with the products for some months or a year. But within a small environment it’s hard to get recommendations, blueprints etc.
      So this “CCSA” course includes what I think is expected from a certified tech working or wanting to work with Check Point :)
      Regarding YouTube content, it’s generally hard to find something :( hopefully we can add some more. The ppl at my work are asking for content regarding MDS and VSX :)

  • @desaironak11 3 years ago +2

    Excellent explanation.

  • @anandkarnekar477 3 years ago +1

    Very helpful video. It helps me to understand logs setup and how to set up a dedicated server in my environment.

  • @AR-ic6jf 3 years ago +2

    Excellent work 👍

    • @MagnusHolmberg-NetSec 3 years ago

      Thank you, hope you enjoy the rest of the content for this course :D

  • @jaimaheshwari6548 2 years ago

    Thanks Magnus and it is really helpful

  • @syedshohidahmed9880 3 years ago

    Hi Magnus, I only just found your channel as I was searching for VSX. I would like to thank you for your time and effort in creating these videos, they have been very helpful.
    Please don't remove the troubleshooting parts, they are very helpful.
    Looking forward to seeing the complete VSX and MDS videos, and also could you do some videos on bonds and Ethernet sub-interfaces?

    • @MagnusHolmberg-NetSec 3 years ago +1

      Welcome to the channel!
      Yes, when it comes to the MDS / VSX I will for sure have it included as it's a large part of managing a larger environment. Within this specific playlist (the CCSA) I try to keep it pretty streamlined, well, some hiccups are needed to actually learn :)
      But I try to avoid things that go more to a CCSE level.
      I will not be able to build bonds etc. in the lab, but I will take screenshots and some short clips from real production VSX installations with bonds so it's possible to actually see bonds/vlan/multiq etc.
      Thank you for watching and I do hope you learn something :)

  • @yashpalsingh8649 2 years ago

    Great Explanation

  • @awesome-clips2023 3 years ago

    thank you!!

  • @ch1ttybang543 2 years ago

    @magnus thank you so much for providing these videos. I was wondering if you have a PDF or PowerPoint you wouldn't mind providing when following these logs. Thanks in advance!

    • @MagnusHolmberg-NetSec 2 years ago

      You're welcome, I don’t really have any PDF / PowerPoint.
      But there are instructions within the installation and upgrade guide
      sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Guide/206107

  • @mohankumar49 2 years ago

    Hi Magnus,
    Can you help us with a video on how to import the older logs to the management and view those logs in the smart log dashboard? This would be helpful.

    • @MagnusHolmberg-NetSec 2 years ago

      Aha, that's a good suggestion for a video actually.
      It's more and more common, as if you need to go back in the logs for a security incident they will ask for logs from a long time back as well.
      I will see if I can prep a video for that.

  • @ithead522 3 years ago

    Hi,
    Can we have the log server separated from the production and install it on a VMware box in the production?
    Do we need to have an additional license to do so?
    Please advise.
    Thank you.

    • @MagnusHolmberg-NetSec 3 years ago +1

      Hi,
      Yes, the log server can be separated from the mgmt server.
      Yes, a log server license is needed.
      Regards
      Magnus

  • @parmarvn 3 years ago

    Complete VSX , End to end Study and Configuration and Troubleshooting on VSX

    • @MagnusHolmberg-NetSec 3 years ago

      The MDS / VSX series is in progress, the first 2 videos are out and the next one is coming in a few days. :)
      ruclips.net/p/PL4Jm1LJEII4ZIFjiPJKzwEIGJxfFBF9XQ

  • @ghsi007 3 years ago

    'install database' what is it for? And what would happen if we don't perform this step?

    • @MagnusHolmberg-NetSec 3 years ago

      I am not sure of the full process for the install database and what actually happens in the background.
      But in general when making changes to mgmt objects on the mgmt server I always do the install database.
      So in regards to a log server, if it's not done the logs can display incorrect objects, for example.
      All of this series is based on the real world and my experience; if you do it like this it does work :)
      Honestly I haven't dug too much into why you need to do specific things.
      So I will quote Timothy_Hall from one of his forum posts.

      " 2018-09-24 02:39 PM
      I get this question all the time in the CCSA classes I teach, and the best way I've found to explain it is the following:
      "Install Database" is more or less a subset of an "Install Policy" operation to a security gateway. Prior to starting the verification and compilation of a gateway's security policy, the SMS (and any other secondary SMS's or separate Log Servers) needs to "get its own house in order" by checking for any configuration changes on the SMS object or other Global Property settings that affect its own operation. This could be any change on the SMS object itself such as enabling the Compliance blade, the SmartEvent blade, a change in firewall log retention policy, and/or any changes made to locally-defined user accounts in the SmartDashboard/SmartConsole as mentioned above. If there are any changes detected the SMS implements them in its own live configuration before proceeding.
      In R77.30 the "Install Database" operation invoked the command "fwm dbload" on the SMS which performed some or perhaps all of the "Install Database" operation, but I'm not sure if this command is still relevant in R80.10. Note that a publish operation in R80+ management simply commits proposed/candidate changes in an administrator's session to the SMS's postgres database configuration, and is a completely different type of operation.
      "
      Also see the documentation :)
      sc1.checkpoint.com/documents/R80/CP_R80_SmartDashboard_OLH/html_frameset.htm?topic=documents/R80/CP_R80_SmartDashboard_OLH/1XsAOD74nmuI7gyc1V59rg2

  • @luisfelipecaetano9994 2 years ago

    I have a problem when I add a new partition disk with 2TB or more: my logs are very slow, sometimes I can't see any log. What is the best practice to have more than 2TB for a log server? And the best hardware configuration, like 16GPU, 32GB RAM?

    • @MagnusHolmberg-NetSec 2 years ago +1

      2TB during what timeframe?
      I think sizing of boxes is counted in logs/second.
      For our log servers we use 8 CPU and 64GB RAM, but it really depends on the environment. We have customers that split their logs out on 3 log servers due to the amount of user logs from web filtering from 100K users.

    • @luisfelipecaetano9994 2 years ago

      @@MagnusHolmberg-NetSec 2TB I can save only one month, sometimes 15 days.

    • @luisfelipecaetano9994 2 years ago

      @@MagnusHolmberg-NetSec Can I have another disk with 2TB and make an LVM to add to /var/log? Having 4TB?

    • @MagnusHolmberg-NetSec 2 years ago +1

      @@luisfelipecaetano9994 Sure, you can add more disk afterwards and extend the volume.
      It’s the next video in this playlist ;)
      ruclips.net/video/QJFUQuNsvJs/видео.html
      I do gzip everything that is older than 15 days and ship it to a different box. If you gzip the logs they take about 10% of the space (you cannot search them if gzipped) so this is just to be able to save more logs than the 15 days or so.
      It will require CPU to gzip and transfer logs. Do you see that the CPU load is working hard? (More or less check so there is not a process or something that is just stuck and eating all the performance.) We have something similar, about 1-1.5TB per 15 days in our MLM (multi domain logserver).
      What version are you running?

    • @luisfelipecaetano9994 2 years ago

      @Magnus Holmberg I am running R80.40 take 119. Sometimes on day I create a file with old logs (tar.gz), but I don't have a script to automate this. I'll create one. I have another question about SmartEvent: do I need a specific license to use it, like CPSM-LOGS? When I activated the SmartEvent blade I received an alert that I don't have a license. And one more question: do you have a SIEM? Or syslog, like Grafana or ELK?

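The routine discussed in the thread above (gzip logs older than 15 days so they can be shipped to a different box), as an added shell example that is not from the video or from the commenters. The directory arguments, the dated file names and treating `fw.log` as the active log to skip are assumptions; copying the staging directory to the archive host is left to whatever transfer tool is already in use.

```shell
#!/bin/sh
# Added example: compress rotated firewall logs older than a cutoff into a
# staging directory, with a SHA-256 manifest so the archive host (or a later
# incident investigation) can verify the files were not altered.

# archive_old_logs LOG_DIR STAGE_DIR [DAYS]
# Prints the number of files archived. All paths are caller-supplied.
archive_old_logs() {
    log_dir=$1
    stage_dir=$2
    days=${3:-15}          # default matches the 15 days mentioned in the thread
    count=0

    [ -d "$log_dir" ] || { echo "no such log dir: $log_dir" >&2; return 1; }
    mkdir -p "$stage_dir" || return 1
    list=$(mktemp) || return 1

    # -mtime +N: last modified more than N full days ago.
    # fw.log is assumed to be the active log and is never touched.
    find "$log_dir" -maxdepth 1 -type f -name '*.log' ! -name 'fw.log' \
        -mtime +"$days" > "$list"

    while IFS= read -r f; do
        name=$(basename "$f").gz
        # Delete the original only after the compressed copy passes gzip -t.
        if gzip -c "$f" > "$stage_dir/$name" && gzip -t "$stage_dir/$name"; then
            ( cd "$stage_dir" && sha256sum "$name" >> MANIFEST.sha256 )
            rm -f "$f"
            count=$((count + 1))
        else
            rm -f "$stage_dir/$name"
            echo "failed to archive $f" >&2
        fi
    done < "$list"

    rm -f "$list"
    echo "$count"
}
```

On the receiving side, `sha256sum -c MANIFEST.sha256` confirms the transferred archives match what left the log server.
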
  • @desaironak11 3 years ago +3

    VPN Video next please

    • @MagnusHolmberg-NetSec 3 years ago +1

      hehe ye I will fix the VPN video this month, just have been very busy.

    • @desaironak11 3 years ago

      @@MagnusHolmberg-NetSec No Problem Sir :-)